Rising Kaka Security Forum
神乐乐 - 2007-7-6 19:08:00
When I'm playing Warcraft it inexplicably jumps to the desktop. If I click on Warcraft I can keep playing, and I didn't press any key, it just jumps out. This happens every day. Why??? How do I fix it!! Thanks
Leoooo - 2007-7-6 19:34:00
1 Run Rising Kaka Internet Security Assistant
2 Diagnosis Help => PC Diagnostic Log
3 Select the 3 options "Ignore system files", "File details" and "Similar file name analysis"
4 Start scan => Export information, exporting in txt format (htm format is also fine for viewing it yourself, but the forum does not allow uploading htm)
5 Copy the complete report from the log and paste it here without modifying it (if it does not fit in one post, split it across several posts)
6 While scanning for the log, close unnecessary software as far as possible, such as QQ and TM
7 Upload the suspicious files found by the scan to Rising: http://up.rising.com.cn/webmail/uploadnew.htm
神乐乐 - 2007-7-6 20:33:00
瑞星卡卡电脑诊断日志 v1.20 (2007-7-6 20:18:33) 北京瑞星科技股份有限公司
注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;
+ 注册表自运行项目
+ Win32 Services
+ HKLM\System\CurrentControlSet\Services
52B851FE
[A ] 1. c:\windows\system32\34978a02.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
Lenovo Upgrade Service.bis.release
[AM] 2. c:\program files\lenovo\liveupdate\liveupdate.exe
新思软件技术有限公司
liveupdate
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 08 B5 41 00 68 DA 8A 41 00 64
LitModeCtrl
[A ] 3. c:\program files\lenovo\modeswitch\litmodectrl.exe
TODO: <公司名>
TODO: <文件说明>
.text,.rdata,.data,.rsrc,
6A 74 68 C8 F2 40 00 E8 FA 01 00 00 33 DB 89 5D
NVSvc
[AM] 4. c:\windows\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 93.80
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 90 D5 41 00 68 B8 F4 40 00 64
RfwProxySrv
[A ] 5. c:\program files\rising\rfw\rfwproxy.exe
Beijing Rising Technology Co., Ltd.
Rising Personal Proxy Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 60 94 40 00 68 40 85 40 00 64
RfwService
[AM] 6. c:\program files\rising\rfw\rfwsrv.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Service
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 70 AC 41 00 68 A0 8E 41 00 64
RsCCenter
[AM] 7. c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 C8 26 41 00 68 D8 AB 40 00 64
RsRavMon
[A ] 8. c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 F8 D7 42 00 68 C4 E4 41 00 64
+ Kernel Drivers
+ HKLM\System\CurrentControlSet\Services
ADIHdAudAddService
[A ] 9. c:\windows\system32\drivers\adihdaud.sys
Analog Devices, Inc.
High Definition Audio Function Driver(Release Candidate 1)
.text,CODE,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 4C EA 01 00 85 C0 B9 40 BB 00
AEAudioService
[A ] 10. c:\windows\system32\drivers\aeaudio.sys
Andrea Electronics Corporation
Audio Noise Filtering Driver (32-bit)
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 84 2E 02 00 85 C0 B9 40 BB 00
AmdK8
[A ] 11. c:\windows\system32\drivers\amdk8.sys
Advanced Micro Devices
AMD Processor Driver
.text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 B4 50 01 00 85 C0 B9 40 BB 00
BaseTDI
[A ] 12. c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 13 04 00 00 8B 35
bcm4sbxp
[A ] 13. c:\windows\system32\drivers\bcm4sbxp.sys
Broadcom Corporation
Broadcom Corporation NDIS 5.1 ethernet driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
ExpScaner
[A ] 14. c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 51 68 88 38 02 00 FF 15 70 1F 01 00 83
FixDrv
[A ] 15. c:\windows\system32\drivers\fixdrv.sys
.text,.rdata,.data,PAGE,INIT,.reloc,
8B FF 55 8B EC A1 88 19 01 00 85 C0 B9 40 BB 00
HdAudAddService
[A ] 16. c:\windows\system32\drivers\hdaudio.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Function Driver v1.0a
.text,CODE,.rdata,.data,PAGE,PAGED,INIT,.rsrc,.reloc,
A1 8C B2 01 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
HDAudBus
[A ] 17. c:\windows\system32\drivers\hdaudbus.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Bus Driver v1.0a
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
A1 C0 D0 02 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
HookCont
[A ] 18. c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 68 70 20 00 00 E8 F7
HookReg
[A ] 19. c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 64 56 57 C7 45 AC 00 00 00 00 B9
HookSys
[A ] 20. c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 8A 08 00 00 68 FC
HookUrl
[A ] 21. c:\program files\rising\rfw\hookurl.sys
Beijing Rising Technology Co., Ltd.
HookUrl
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 53 56 8B 75 08 57 6A 1B B8 8C
HpaFilt
[A ] 22. c:\windows\system32\drivers\hpafilt.sys
Litsoft Co. LTD.
HPA Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 04 29 01 00 85 C0 B9 40 BB 00
HpaLower
[A ] 23. c:\windows\system32\drivers\hpalower.sys
.text,.rdata,.data,PAGE,INIT,.reloc,
8B FF 55 8B EC A1 04 06 01 00 85 C0 B9 40 BB 00
Iviaspi
[A ] 24. c:\windows\system32\drivers\iviaspi.sys
InterVideo, Inc.
InterVideo ASPI Shell
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 56 68 00 1E 01 00 8D 45 F4 50
MEMSCAN
[A ] 25. c:\program files\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 56 8B 35 DC 0C 01 00 57 8D 45
mProcRs
[A ] 26. c:\program files\rising\rfw\mprocrs.sys
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall mprocrs.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 56 57 E8 29 02 00 00 85 C0 75
NPF
[A ] 27. c:\windows\system32\drivers\npf.sys
CACE Technologies
npf
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 81 EC 80 00 00 00 53 56 57 8B 7D 0C 33
pciidey
[A ] 28. c:\windows\system32\drivers\pciidey.sys
Windows (R) 2000 DDK provider
Channel Resource Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
56 8B 74 24 0C 66 8B 06 66 05 02 00 57 66 A3 0A
RsAntiSpyware
[A ] 29. c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 20 53 56 33 F6 57 89 75 F4 60 8D
RsFwDrv
[A ] 30. c:\program files\rising\rfw\rsfwdrv.sys
Beijing Rising Technology Co., Ltd.
nt_fwdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 56 57 E8 74 CA FF FF 84 C0
RsNTGDI
[A ] 31. c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
55 8B EC 83 EC 10 56 8B 75 08 57 8B 3D 58 05 01
RSPPSYS
[A ] 32. c:\program files\rising\rav\rsppsys.sys
Rising
神乐乐 - 2007-7-6 20:35:00
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
55 8B EC 83 EC 14 53 6A 5C E8 EE FB FF FF 33 DB
Secdrv
[A ] 33. c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
55 8B EC 83 EC 10 53 56 57 E8 E4 A3 FF FF 89 45
SenFiltService
[A ] 34. c:\windows\system32\drivers\senfilt.sys
Sensaura
Sensaura WDM 3D Audio Driver
.text,page,init,.data,.CRT,init,INIT,.rsrc,.reloc,
E8 5B B9 FB FF E9 76 FF FF FF CC CC CC CC CC CC
SNP325
[A ] 35. c:\windows\system32\drivers\snp325.sys
Sonix Co. Ltd.
USB PC Camera driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
8B FF 55 8B EC A1 AC 0A 25 00 85 C0 B9 40 BB 00
+ Internet Explorer
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{4E83D567-4697-4F7B-B1F0-A513B01DB89A}
[AM] 36. c:\program files\chinanet\vnettransfer.dll
VnetTransfer Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Exec
[A ] 37. d:\我的软件\浩方\浩方对战平台\gameclient.exe
上海浩方在线信息技术有限公司
浩方对战平台
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 08 82 51 00 68 7E CB 4D 00 64
Exec
[A ] 38. c:\program files\messenger\msmsgs.exe
Microsoft Corporation
Windows Messenger
.text,.data,.rsrc,
6A 70 68 28 98 00 01 E8 BF 01 00 00 33 DB 53 8B
+ Explorer
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
KuGoo3
[A ] 39. d:\我的软件\kugoo\kugoo2007\inextend\kugoo3downxcontrol.ocx
CODE,DATA,BSS,.idata,.edata,.reloc,.rsrc,
55 8B EC 83 C4 C4 B8 FC 90 46 00 E8 64 D6 F9 FF
+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
{81716107-A10D-11cf-64CD-11115FE1CF41}
[A ] 40. c:\windows\system32\nwizzhuxians.exe
VL橸谚?_Y??G,QV?褤瑒,
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HyperTerminal Icon Ext
[A ] 41. c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
NvCpl DesktopContext Class
[AM] 42. c:\windows\system32\nvcpl.dll
NVIDIA Corporation
NVIDIA Display Properties Extension
.text,.rdata,.data,CONST,.rsrc,.reloc,
6A 0C 68 00 E5 23 10 E8 88 0E 00 00 33 C0 40 89
Play on my TV helper
[AM] 42. c:\windows\system32\nvcpl.dll
NVIDIA Corporation
NVIDIA Display Properties Extension
.text,.rdata,.data,CONST,.rsrc,.reloc,
6A 0C 68 00 E5 23 10 E8 88 0E 00 00 33 C0 40 89
Desktop Explorer
[AM] 43. c:\windows\system32\nvshell.dll
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
6A 0C 68 A8 9A 02 10 E8 DF 36 00 00 33 C0 40 89
Desktop Explorer Menu
[AM] 43. c:\windows\system32\nvshell.dll
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
6A 0C 68 A8 9A 02 10 E8 DF 36 00 00 33 C0 40 89
nView Desktop Context Menu
[AM] 43. c:\windows\system32\nvshell.dll
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
6A 0C 68 A8 9A 02 10 E8 DF 36 00 00 33 C0 40 89
WinRAR shell extension
[AM] 44. c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
RISING
[AM] 45. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{32CD708B-60A7-4C00-9377-D73EAA495F0F}
[AM] 45. c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}
[AM] 46. c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
+ Logon
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Rav
[A ] 47. c:\program files\rising\rav\update\setup.exe
Beijing Rising Technology Co., Ltd.
Rising Setup Application
.text,.rdata,.data,.rsrc,
55 8B EC 6A FF 68 20 58 43 00 68 18 AA 42 00 64
KKDelay
[A ] 48. c:\program files\rising\antispyware\runonce.exe
Beijing Rising Technology Co., Ltd.
RunOnce Application
.text,.rdata,.data,.rsrc,
6A 60 68 18 51 40 00 E8 7F 0D 00 00 BF 94 00 00
+ Boot Execute
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
BootExecute
[A ] 49. c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
55 8B EC 6A FF 68 F0 27 00 01 68 74 9E 00 01 64
[A ] 50. c:\windows\system32\kknative.exe
Beijing Rising Technology Co., Ltd.
NativeAp
.text,.data,.rsrc,.reloc,
68 00 00 00 01 E8 91 F1 FF FF 6A 00 E8 A0 FF FF
+ 其他自启动项目
+ c:\autorun.inf
open
[A ] 51. c:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
shellexecute
[A ] 51. c:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
shell\Auto\command
[A ] 51. c:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
+ d:\autorun.inf
open
[A ] 52. d:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
shellexecute
[A ] 52. d:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
shell\Auto\command
[A ] 52. d:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
+ e:\autorun.inf
open
[A ] 53. e:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
shellexecute
[A ] 53. e:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
shell\Auto\command
[A ] 53. e:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
+ f:\autorun.inf
open
[A ] 54. f:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
shellexecute
[A ] 54. f:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
shell\Auto\command
[A ] 54. f:\auto.exe
Microsoft Corporation
鸈0,鸈1,鸈2,
haohe的fans - 2007-7-6 20:36:00
========Content========
http://www.kztechs.com/sreng/download.html Download System Repair Engineer
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here without modifying it (if it does not fit in one post, split it across several posts)
5 While scanning for the log, close unnecessary software as far as possible, such as QQ and TM
神乐乐 - 2007-7-6 20:37:00
Thanks, please take a look at it for me.
神乐乐 - 2007-7-6 20:52:00
[CODE]
2007-07-06,20:30:07
System Repair Engineer 2.5.16.900 Emergency Scan Mode
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600)
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\CTFMON.EXE> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Rav><"C:\Program Files\Rising\Rav\Update\Setup.exe" /UPDATE /ONCE> [Beijing Rising Technology Co., Ltd.]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
<N/A><C:\WINDOWS\system32\nwizzhuxians.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Error Reporting Service / ERSvc][Running/Auto Start]
<2 - 系统找不到指定的文件。
><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[lenovo live update / Lenovo Upgrade Service.bis.release][Running/Auto Start]
<C:\Program Files\Lenovo\LiveUpdate\liveupdate.exe><新思软件技术有限公司>
[LitModeCtrl / LitModeCtrl][Stopped/Manual Start]
<"C:\Program Files\Lenovo\ModeSwitch\LitModeCtrl.exe"><TODO: <公司名>>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Stopped/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[52B851FE / 52B851FE][Stopped/Auto Start]
<C:\WINDOWS\system32\34978A02.EXE -k><Microsoft Corporation>
神乐乐 - 2007-7-6 20:53:00
驱动程序
[abp480n5 / abp480n5][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[AEAudio Service / AEAudioService][Running/Manual Start]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[Aha154x / Aha154x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[AMD Processor Driver / AmdK8][Running/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[asc / asc][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
<system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cd20xrnt / cd20xrnt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[ExpScaner / ExpScaner][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
<system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ini910u / ini910u][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[IVI ASPI Shell / Iviaspi][Running/Manual Start]
<system32\drivers\iviaspi.sys><InterVideo, Inc.>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SenFilt Service / SenFiltService][Running/Manual Start]
<system32\drivers\Senfilt.sys><Sensaura>
[USB PC Camera (SNPSTD325) / SNP325][Running/Manual Start]
<system32\DRIVERS\snp325.sys><Sonix Co. Ltd.>
[Sparrow / Sparrow][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\我的软件\浩方\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[联想]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
神乐乐 - 2007-7-6 20:57:00
正在运行的进程
[PID: 560 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 672 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 876 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 980 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 1076 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 1092 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 1140 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 1312 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 1492 / Luo hao][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\PROGRA~1\Lenovo\Common\Bin\BBVODH~1.OCX] [, 4.1.2.6]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\k11836943754.DAT] [N/A, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\nwizqjsj.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\system32\dh2104.dll] [N/A, ]
[C:\WINDOWS\system32\nwizzhuxians.dll] [N/A, ]
[C:\WINDOWS\system32\nwizwlwzs.dll] [N/A, ]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.7]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9380]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9380]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\WINDOWS\system32\k11836979914.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837016084.DAT] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\k11837052244.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837088404.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837124574.DAT] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\nwiztlbb.dll] [N/A, ]
[C:\WINDOWS\system32\k11837160764.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837196924.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837233074.DAT] [N/A, ]
[C:\WINDOWS\system32\WinForm.dll] [N/A, ]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[PID: 1556 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 9]
[c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 1744 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 2008 / Luo hao][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 56]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\k11836943754.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837016084.DAT] [N/A, ]
[C:\WINDOWS\system32\k11836979914.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837233074.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837196924.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837160764.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837124574.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837088404.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837052244.DAT] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[C:\WINDOWS\system32\WinForm.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[PID: 188 / SYSTEM][C:\Program Files\Lenovo\LiveUpdate\liveupdate.exe] [新思软件技术有限公司, 3, 2, 4, 18]
[C:\Program Files\Lenovo\LiveUpdate\HttpLink.dll] [新思软件技术有限公司, 3, 2, 4, 7]
[C:\Program Files\Lenovo\LiveUpdate\WINHTTP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Lenovo\LiveUpdate\GdiImage.dll] [N/A, ]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 220 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9380]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 376 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 1804 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 1384 / Luo hao][C:\WINDOWS\CameraFixer.exe] [, 1, 0, 0, 7]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 480 / Luo hao][C:\WINDOWS\vsnp325.exe] [, 1, 0, 5, 0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 2000 / Luo hao][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 2660 / Luo hao][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 2716 / Luo hao][C:\Program Files\ChinaNet\VnetClient.exe] [, 2006, 3, 17, 1]
[C:\Program Files\ChinaNet\Communicate.dll] [GDCN, 2006, 2, 15, 1]
[C:\Program Files\ChinaNet\DialModule.dll] [GDCN, 2006, 3, 8, 18]
[C:\Program Files\ChinaNet\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] [, 2006, 2, 8, 1]
[C:\PROGRA~1\ChinaNet\sign.dll] [0, 2004, 12, 1, 1]
[C:\PROGRA~1\ChinaNet\PostPlug.dll] [, 2004, 12, 16, 2]
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] [, 2006, 2, 20, 1]
[C:\PROGRA~1\ChinaNet\Gif89a.dll] [, 2005, 6, 21, 1]
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] [, 2004, 11, 18, 1]
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] [, 2006, 5, 29, 14]
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] [, 2006, 5, 26, 9]
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] [GDDC, 2005, 11, 14, 1]
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\Timer.ocx] [, 2006, 3, 24, 9]
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] [, 2006, 4, 4, 1]
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] [, 2006, 5, 24, 16]
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] [GDCN, 2006, 3, 1, 16]
[C:\WINDOWS\system32\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\WINDOWS\system32\pthreadVC.dll] [N/A, ]
[C:\WINDOWS\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\PROGRA~1\ChinaNet\PlugPush.dll] [, 2004, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] [, 2006, 5, 29, 11]
[C:\PROGRA~1\ChinaNet\VNETLO~1.OCX] [, 2005, 10, 9, 1]
[C:\PROGRA~1\ChinaNet\StatNum.dll] [, 2006, 3, 1, 1]
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] [, 2005, 3, 2, 1]
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] [GDCN, 2006, 5, 24, 14]
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] [, 2006, 3, 14, 10]
[C:\PROGRA~1\ChinaNet\MAGICD~1.OCX] [, 1, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0]
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] [, 2005, 11, 14, 1]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\k11836943754.DAT] [N/A, ]
神乐乐 - 2007-7-6 20:59:00
[PID: 372 / Luo hao][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 3088 / Luo hao][C:\WINDOWS\system32\nslookupi.exe] [N/A, ]
[C:\WINDOWS\system32\WPCAP.DLL] [Politecnico di Torino, 3, 0, 0, 18]
[C:\WINDOWS\system32\pthreadVC.dll] [N/A, ]
[C:\WINDOWS\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
[PID: 4764 / Luo hao][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\k11837196924.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837160764.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837124574.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837088404.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837052244.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837016084.DAT] [N/A, ]
[C:\WINDOWS\system32\k11836979914.DAT] [N/A, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\k11836943754.DAT] [N/A, ]
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] [, 2005, 4, 6, 1]
[c:\PROGRA~1\chinanet\Communicate.dll] [GDCN, 2006, 2, 15, 1]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\WINDOWS\system32\k11837233074.DAT] [N/A, ]
[C:\WINDOWS\system32\WinForm.dll] [N/A, ]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[PID: 3516 / Luo hao][D:\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\k11837233074.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837196924.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837160764.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837124574.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837088404.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837052244.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837016084.DAT] [N/A, ]
[C:\WINDOWS\system32\k11836979914.DAT] [N/A, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\k11836943754.DAT] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[C:\WINDOWS\system32\WinForm.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[F:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 2008, C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1384, C:\WINDOWS\CAMERAFIXER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1384, C:\WINDOWS\CAMERAFIXER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 480, C:\WINDOWS\VSNP325.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2716, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3088, C:\WINDOWS\SYSTEM32\NSLOOKUPI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3088, C:\WINDOWS\SYSTEM32\NSLOOKUPI.EXE]
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\TIMHost.dll)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: C:\WINDOWS\system32\TIMHost.dll)
==================================
隐藏进程
N/A
[/CODE]
神乐乐 - 2007-7-6 21:00:00
Done. That's a lot. Thanks, please help me take a look.
神乐乐 - 2007-7-6 21:31:00
The problem just happened again, so annoying. It may even freeze the machine. Please save me, thanks.
神乐乐 - 2007-7-6 22:08:00
My machine says I am infected with Trojan.PSW.Win32.WoWar.sb and Trojan.PSW.Onlinegames. Could this be related to them? Please help me, experts. Thanks.
agee - 2007-7-6 22:16:00
Delete the following service
[52B851FE / 52B851FE][Stopped/Auto Start]
<C:\WINDOWS\system32\34978A02.EXE -k><Microsoft Corporation>
Delete the following driver
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
Delete the following files loaded by the processes
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\k11836943754.DAT] [N/A, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\nwizqjsj.dll] [N/A, ]
[C:\WINDOWS\system32\dh2104.dll] [N/A, ]
[C:\WINDOWS\system32\nwizzhuxians.dll] [N/A, ]
[C:\WINDOWS\system32\k11836979914.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837016084.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837052244.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837088404.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837124574.DAT] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\nwiztlbb.dll] [N/A, ]
[C:\WINDOWS\system32\k11837160764.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837196924.DAT] [N/A, ]
[C:\WINDOWS\system32\k11837233074.DAT] [N/A, ]
[C:\WINDOWS\system32\WinForm.dll] [N/A, ]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
Delete autorun.inf and autorun.exe under C, D, E and F,
and delete the original files of the problematic startup items, services and drivers listed above.
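The indicators agee acts on can be pulled out of a log in this format mechanically: the same version-less DLLs loaded into processes of both SYSTEM and the logged-on user, and an autorun.inf on a drive root that launches an executable on open. This is an added example, not code from the thread or from Rising's tools; the sample log is a constructed excerpt in the layout pasted above, and the "no version info, loaded into several processes" heuristic and its threshold are assumptions, not Rising's detection logic.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of the Rising Kaka log above: one "[PID: n / user]
# [image] [vendor, version]" line per process, one "[module] [vendor, version]" line per DLL.
SAMPLE_LOG = r"""
[PID: 220 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9380]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[PID: 2000 / Luo hao][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[PID: 4764 / Luo hao][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180]
[C:\WINDOWS\system32\MOSOU.dll] [N/A, ]
[C:\WINDOWS\system32\B2DFC677.DLL] [Microsoft Corporation, ]
==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
"""
PROC_RE = re.compile(r"^\[PID: (\d+) / [^\]]*\]\[[^\]]+\] \[.*\]$")
MOD_RE = re.compile(r"^\[([^\]]+)\] \[(.*)\]$")
DRIVE_RE = re.compile(r"^\[([A-Z]:)\\\]$")

def lacks_version_info(info):
    # "N/A, " and "Microsoft Corporation, " both have an empty version field (heuristic)
    vendor, _, version = info.rpartition(", ")
    return vendor.startswith("N/A") or version.strip() == ""

def find_injected_modules(log, min_processes=2):
    """Version-less modules loaded into several processes: {lowercased path: sorted PIDs}."""
    loaded_in, pid = defaultdict(set), None
    for line in log.splitlines():
        if m := PROC_RE.match(line):
            pid = int(m.group(1))          # subsequent module lines belong to this process
        elif (m := MOD_RE.match(line)) and pid and lacks_version_info(m.group(2)):
            loaded_in[m.group(1).lower()].add(pid)
    return {p: sorted(s) for p, s in loaded_in.items() if len(s) >= min_processes}

def find_autorun_targets(log):
    """Drives whose autorun.inf runs a program when opened: {drive: target}."""
    targets, drive = {}, None
    for line in log.splitlines():
        if m := DRIVE_RE.match(line):       # "[C:\]" opens that drive's autorun.inf dump
            drive = m.group(1)
        elif drive and line.lower().startswith(("open=", "shellexecute=")):
            targets[drive] = line.split("=", 1)[1]
    return targets
```

Run against the full log in this thread, the first function lists exactly the DLL set agee names, and the second returns auto.exe for each of C, D, E and F.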
神乐乐 - 2007-7-6 22:26:00
Where do I delete these files?
agee - 2007-7-7 21:10:00
In SREng, the program you used to scan the log, there is a System Repair section where you can delete startup items, services and drivers.
Then delete those files manually by their file paths.